Requirements specification of a cloud service for Cyber Security compliance analysis

This paper presents the practical use of a goal-oriented methodology for requirements specification, called GOReM, in an application scenario involving the development of a cloud service that offers compliance analysis under the Security as a Service (SecaaS) business model. The requirements specification for this scenario emerged as a real need inside a large industrial project in the field of Cyber Security. GOReM made it possible to analyze such a complex scenario in a lean, yet accurate, way, where non-functional requirements, coming from rules and regulations in force in different countries, complicate the handling of a cloud service which might be usable worldwide.
